def post(self, board):
    """Create a new board.

    The creator is always the requesting user: a body that names a
    different ``creator_id`` is rejected with a 400. If no owners are
    given, the requesting user becomes the only owner.

    :param board: A board within the request body.
    """
    user_id = request.current_user_id
    board_dict = board.as_dict()

    # The creator comes from the request context, never from the body.
    if board.creator_id and board.creator_id != user_id:
        abort(400, _("You can't select the creator of a board."))
    board_dict["creator_id"] = user_id

    # Lanes and the two user lists are handled separately from the board
    # row itself, so take them out of the dict before creating it.
    lanes = board_dict.pop('lanes') or []
    owners = board_dict.pop('owners') or [user_id]
    users = board_dict.pop('users') or []

    # We can't set due dates when creating boards at the moment.
    board_dict.pop('due_dates', None)

    created_board = boards_api.create(board_dict)
    board_id = created_board.id
    events_api.board_created_event(board_id,
                                   user_id,
                                   created_board.title,
                                   created_board.description)

    for lane in lanes:
        del lane.worklist
        boards_api.add_lane(created_board, lane.as_dict(omit_unset=True))
        events_api.board_lanes_changed_event(board_id,
                                             user_id,
                                             added=serialize_lane(lane))

    # NOTE(review): owners and users are ids taken from the request body;
    # no validation of them is visible in this method - confirm that
    # boards_api.create_permission rejects unknown ids.
    edit = boards_api.create_permission(board_id, {
        'name': 'edit_board_%d' % board_id,
        'codename': 'edit_board',
        'users': owners
    })
    move = boards_api.create_permission(board_id, {
        'name': 'move_cards_%d' % board_id,
        'codename': 'move_cards',
        'users': users
    })

    # The permission events carry {user id: full name} entries.
    event_owners = [{owner_id: users_api.user_get(owner_id).full_name}
                    for owner_id in owners]
    event_users = [{member_id: users_api.user_get(member_id).full_name}
                   for member_id in users]
    events_api.board_permission_created_event(board_id,
                                              user_id,
                                              edit.id,
                                              edit.codename,
                                              event_owners)
    events_api.board_permission_created_event(board_id,
                                              user_id,
                                              move.id,
                                              move.codename,
                                              event_users)

    return wmodels.Board.from_db_model(created_board)
def put(self, user_id, user):
    """Modify this user.

    A user may update their own record; updating anyone else requires a
    superuser. For non-superusers the privilege-bearing fields are
    dropped from the update before it is applied.

    :param user_id: Unique id to identify the user.
    :param user: A user within the request body.
    """
    current_user = users_api.user_get(request.current_user_id)

    # Only owners and superadmins are allowed to modify users.
    is_other_user = request.current_user_id != user_id
    if is_other_user and not current_user.is_superuser:
        abort(403, _("You are not allowed to update this user."))

    # Strip out values that you're not allowed to change.
    user_dict = user.as_dict(omit_unset=True)
    if not current_user.is_superuser:
        # Only superuser may create superusers or modify login permissions.
        for protected_field in ('enable_login', 'is_superuser'):
            user_dict.pop(protected_field, None)

    updated_user = users_api.user_update(user_id, user_dict)
    return wmodels.User.from_db_model(updated_user)
def get_all(title=None, creator_id=None, user_id=None, project_id=None,
            task_id=None, story_id=None, sort_field=None, sort_dir=None,
            **kwargs):
    """Return boards, optionally restricted by user permission or card.

    With ``user_id`` set, the result is every board that shares at least
    one permission with that user. Otherwise the boards are queried with
    the given filters and then narrowed to those holding the given task
    and/or story as a card.
    """
    if user_id is not None:
        user = users_api.user_get(user_id)
        # NOTE(review): the recursive call passes no arguments, so title,
        # creator_id, project_id, task_id, story_id and the sort options
        # are not applied on this path - confirm that is intended.
        return [
            board for board in get_all()
            if any(permission in board.permissions
                   for permission in user.permissions)
        ]

    boards = api_base.entity_get_all(models.Board,
                                     title=title,
                                     creator_id=creator_id,
                                     project_id=project_id,
                                     sort_field=sort_field,
                                     sort_dir=sort_dir,
                                     **kwargs)
    if task_id:
        boards = [b for b in boards if has_card(b, 'task', task_id)]
    if story_id:
        boards = [b for b in boards if has_card(b, 'story', story_id)]
    return boards
def team_delete_user(team_id, user_id):
    """Remove a user from a team and return the team.

    Raises ``exc.NotFound`` when the team or the user cannot be loaded,
    and ``ClientSideError`` when the user is not a member of the team.
    """
    session = api_base.get_session()

    with session.begin(subtransactions=True):
        team = _entity_get(team_id, session)
        if team is None:
            raise exc.NotFound(_("Team %s not found") % team_id)

        if users.user_get(user_id) is None:
            raise exc.NotFound(_("User %s not found") % user_id)

        # Look the member up once; an empty result means "not a member".
        matching_members = [u for u in team.users if u.id == user_id]
        if not matching_members:
            raise ClientSideError(
                _("The User %(user_id)d is not in Team %(team_id)d")
                % {'user_id': user_id, 'team_id': team_id})

        team.users.remove(matching_members[0])
        session.add(team)

    return team
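def get(self, marker=None, limit=None, full_name=None,
        sort_field='id', sort_dir='asc'):
    """Page and filter the users in storyboard.

    The listing is requested with ``filter_non_public=True``.

    :param marker: The resource id where the page should begin.
    :param limit: The number of users to retrieve.
    :param full_name: A string of characters to filter the full_name with.
    :param sort_field: The name of the field to sort on.
    :param sort_dir: Sort direction for results (asc, desc).
    """
    # Boundary check on limit.
    if limit is not None:
        limit = max(0, limit)

    # Resolve the marker record. Without a marker there is nothing to
    # look up, so do not query the user table with a None id.
    marker_user = None
    if marker is not None:
        marker_user = users_api.user_get(marker)

    users = users_api.user_get_all(marker=marker_user,
                                   limit=limit,
                                   full_name=full_name,
                                   filter_non_public=True,
                                   sort_field=sort_field,
                                   sort_dir=sort_dir)
    user_count = users_api.user_get_count(full_name=full_name)

    # Apply the query response headers.
    if limit:
        response.headers['X-Limit'] = str(limit)
    response.headers['X-Total'] = str(user_count)
    if marker_user:
        response.headers['X-Marker'] = str(marker_user.id)

    return [wmodels.User.from_db_model(u) for u in users]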
def post(self, story):
    """Create a new story.

    Example::

      curl 'https://my.example.org/api/v1/stories' \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
      -H 'Content-Type: application/json;charset=UTF-8' \\
      --data-binary '{"title":"Test Story","description":"A test story."}'

    :param story: A story within the request body.
    """
    # Reject private story types while ACL is not created.
    if story.story_type_id and story.story_type_id in (3, 4):
        abort(400,
              _("Now you can't add story with type %s.")
              % story.story_type_id)

    story_dict = story.as_dict()
    user_id = request.current_user_id

    # The author is the requesting user; the body may not name another.
    if story.creator_id and story.creator_id != user_id:
        abort(400, _("You can't select author of story."))
    story_dict["creator_id"] = user_id

    if not stories_api.story_can_create_story(story.story_type_id):
        abort(400, _("Can't create story of this type."))

    if not story_dict.get("tags"):
        story_dict["tags"] = []

    # We can't set due dates when creating stories at the moment.
    story_dict.pop("due_dates", None)

    # We make sure that a user cannot remove all users and teams
    # from the permissions list for a story
    # This should be reworked so that users can be removed if there
    # are teams, and vice versa
    teams = story_dict.pop("teams", None)
    if teams is None:
        teams = []
    users = story_dict.pop("users", None)
    nobody_listed = users == [] and teams == []
    if users is None or nobody_listed:
        # Fall back to the creator so the story keeps one permitted user.
        users = [wmodels.User.from_db_model(users_api.user_get(user_id))]

    created_story = stories_api.story_create(story_dict)
    events_api.story_created_event(created_story.id, user_id, story.title)

    # A permission record is only created for private stories.
    if story.private:
        stories_api.create_permission(created_story, users, teams)

    return wmodels.Story.from_db_model(created_story)
def get_permissions(worklist, user_id):
    """Return the codenames of the worklist's permissions the user holds.

    An unknown user (``user_get`` returns None) holds nothing, so the
    result is an empty list.
    """
    user = users_api.user_get(user_id)
    if user is None:
        return []

    codenames = []
    for granted in worklist.permissions:
        if granted in user.permissions:
            codenames.append(granted.codename)
    return codenames
def get_permissions(due_date, user_id):
    """Return the codenames of the due date's permissions the user holds.

    An unknown user (``user_get`` returns None) holds nothing, so the
    result is an empty list.
    """
    user = users_api.user_get(user_id)
    if user is None:
        return []

    codenames = []
    for granted in due_date.permissions:
        if granted in user.permissions:
            codenames.append(granted.codename)
    return codenames
def get_permissions(board, user_id):
    """Return the codenames of the board's permissions the user holds.

    An unknown user (``user_get`` returns None) holds nothing, so the
    result is an empty list.
    """
    user = users_api.user_get(user_id)
    if user is None:
        return []

    codenames = []
    for granted in board.permissions:
        if granted in user.permissions:
            codenames.append(granted.codename)
    return codenames
def get(self, marker=None, limit=None, target_type=None, target_id=None,
        user_id=None, sort_field='id', sort_dir='asc'):
    """Retrieve a list of subscriptions for the authorized user.

    Example::

      curl https://my.example.org/api/v1/subscriptions \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param marker: The resource id where the page should begin.
    :param limit: The number of subscriptions to retrieve.
    :param target_type: The type of resource to search by.
    :param target_id: The unique ID of the resource to search by.
    :param user_id: The unique ID of the user to search by.
    :param sort_field: The name of the field to sort on.
    :param sort_dir: Sort direction for results (asc, desc).
    """
    # Boundary check on limit.
    if limit is not None and limit < 0:
        limit = 0

    # Sanity check on user_id: anyone but a superuser is silently pinned
    # to their own subscriptions, whatever user_id was requested.
    requester_id = request.current_user_id
    current_user = user_api.user_get(requester_id)
    if user_id != requester_id and not current_user.is_superuser:
        user_id = requester_id

    # Resolve the marker record.
    marker_sub = subscription_api.subscription_get(marker)

    subscriptions = subscription_api.subscription_get_all(
        marker=marker_sub,
        limit=limit,
        target_type=target_type,
        target_id=target_id,
        user_id=user_id,
        sort_field=sort_field,
        sort_dir=sort_dir)
    subscription_count = subscription_api.subscription_get_count(
        target_type=target_type,
        target_id=target_id,
        user_id=user_id)

    # Apply the query response headers.
    headers = response.headers
    if limit:
        headers['X-Limit'] = str(limit)
    headers['X-Total'] = str(subscription_count)
    if marker_sub:
        headers['X-Marker'] = str(marker_sub.id)

    return [Subscription.from_db_model(s) for s in subscriptions]
def get(self, marker=None, offset=None, limit=None, event_type=None,
        subscriber_id=None, sort_field='id', sort_dir='asc'):
    """Retrieve a list of subscriptions.

    Only the subscriber themselves or a superuser may list a
    subscriber's events; anyone else gets a 403.

    :param marker: The resource id where the page should begin.
    :param offset: The offset to begin the page at.
    :param limit: The number of subscriptions to retrieve.
    :param event_type: The type of resource to search by.
    :param subscriber_id: The unique ID of the subscriber to search by.
    :param sort_field: The name of the field to sort on.
    :param sort_dir: Sort direction for results (asc, desc).
    """
    # Boundary check on limit.
    if limit is not None and limit < 0:
        limit = 0

    # Resolve the marker record.
    marker_sub = subscription_events_api.subscription_events_get(marker)

    current_user = user_api.user_get(request.current_user_id)
    is_other_subscriber = current_user.id != subscriber_id
    if is_other_subscriber and not current_user.is_superuser:
        abort(403, _("Permission Denied"))

    # A marker that belongs to a different subscriber is ignored.
    if marker_sub and marker_sub.user_id != subscriber_id:
        marker_sub = None

    subscriptions = subscription_events_api.subscription_events_get_all(
        marker=marker_sub,
        offset=offset,
        limit=limit,
        subscriber_id=subscriber_id,
        event_type=event_type,
        sort_field=sort_field,
        sort_dir=sort_dir)
    subscription_count = \
        subscription_events_api.subscription_events_get_count(
            subscriber_id=subscriber_id,
            event_type=event_type)

    # Apply the query response headers.
    headers = response.headers
    if limit:
        headers['X-Limit'] = str(limit)
    if offset is not None:
        headers['X-Offset'] = str(offset)
    headers['X-Total'] = str(subscription_count)
    if marker_sub:
        headers['X-Marker'] = str(marker_sub.id)

    return [SubscriptionEvent.from_db_model(s) for s in subscriptions]
def create_permission(due_date_id, permission_dict, session=None):
    """Create a permission on a due date and grant it to the listed users.

    ``permission_dict`` is modified in place: its ``'users'`` entry (a
    list of user ids) is popped before the permission row is created.
    Returns the new permission.
    """
    due_date = _due_date_get(due_date_id, session=session)
    grantee_ids = permission_dict.pop('users')

    permission = api_base.entity_create(models.Permission,
                                        permission_dict,
                                        session=session)
    due_date.permissions.append(permission)

    # NOTE(review): the looked-up user is used without a None check, so
    # an id that does not resolve fails after the permission has already
    # been created and attached - confirm callers pass only valid ids.
    for grantee_id in grantee_ids:
        grantee = users_api.user_get(grantee_id, session=session)
        grantee.permissions.append(permission)

    return permission
def create_permission(worklist_id, permission_dict, session=None):
    """Create a permission on a worklist and grant it to the listed users.

    ``permission_dict`` is modified in place: its ``'users'`` entry (a
    list of user ids) is popped before the permission row is created.
    Returns the new permission.
    """
    worklist = _worklist_get(worklist_id, session=session)
    grantee_ids = permission_dict.pop('users')

    permission = api_base.entity_create(models.Permission,
                                        permission_dict,
                                        session=session)
    worklist.permissions.append(permission)

    # NOTE(review): the looked-up user is used without a None check, so
    # an id that does not resolve fails after the permission has already
    # been created and attached - confirm callers pass only valid ids.
    for grantee_id in grantee_ids:
        grantee = users_api.user_get(grantee_id, session=session)
        grantee.permissions.append(permission)

    return permission
def create_permission(board_id, permission_dict, session=None):
    """Create a permission on a board and grant it to the listed users.

    ``permission_dict`` is modified in place: its ``'users'`` entry (a
    list of user ids) is popped before the permission row is created.
    Returns the new permission.
    """
    board = _board_get(board_id, session=session)
    grantee_ids = permission_dict.pop('users')

    permission = api_base.entity_create(models.Permission,
                                        permission_dict,
                                        session=session)
    board.permissions.append(permission)

    # NOTE(review): the looked-up user is used without a None check, so
    # an id that does not resolve fails after the permission has already
    # been created and attached - confirm callers pass only valid ids.
    for grantee_id in grantee_ids:
        grantee = users_api.user_get(grantee_id, session=session)
        grantee.permissions.append(permission)

    return permission
def put(self, team_id, user_id):
    """Add a user to a team.

    :param team_id: An ID of the team.
    :param user_id: An ID of the user.
    """
    teams_api.team_add_user(team_id, user_id)

    # NOTE(review): the record is handed to from_db_model exactly as
    # loaded; no non-public field filtering is visible here - confirm the
    # response model does not expose private user fields.
    added_user = users_api.user_get(user_id)
    return wmodels.User.from_db_model(added_user)
def task_assignee_changed(event):
    """Add the old and new assignee's full names to the event payload.

    ``event.event_info`` is decoded from JSON, extended with
    ``old_assignee_fullname`` and ``new_assignee_fullname`` (the literal
    "unassigned" when the user lookup returns nothing), re-encoded and
    stored back on the event, which is then returned.
    """
    event_info = json.loads(event.event_info)

    # Same lookup for both sides of the change, old first.
    for side in ("old", "new"):
        assignee = users_api.user_get(event_info[side + "_assignee_id"])
        fullname = assignee.full_name if assignee else "unassigned"
        event_info[side + "_assignee_fullname"] = fullname

    event.event_info = json.dumps(event_info)
    return event
def post(self, subscription):
    """Create a new subscription.

    Note: target_id is the same value as the story_id of a story.

    Example::

      curl https://my.example.org/api/v1/subscriptions \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
      -H 'Content-Type: application/json;charset=UTF-8' \\
      --data-binary '{"target_type":"story","target_id":8}'

    :param subscription: A subscription within the request body.
    """
    # Data sanity check - are all fields set?
    if not (subscription.target_type and subscription.target_id):
        abort(400,
              _('You are missing either the target_type or the target_id'))

    # Sanity check on user_id: default to the requester; subscribing on
    # behalf of someone else is reserved for superusers.
    requester_id = request.current_user_id
    current_user = user_api.user_get(requester_id)
    if not subscription.user_id:
        subscription.user_id = requester_id
    elif (subscription.user_id != requester_id
            and not current_user.is_superuser):
        abort(403, _("You can only subscribe to resources on your own."))

    # Data sanity check: The resource must exist.
    resource = subscription_api.subscription_get_resource(
        target_type=subscription.target_type,
        target_id=subscription.target_id,
        current_user=requester_id)
    if not resource:
        abort(400, _('You cannot subscribe to a nonexistent resource.'))

    # Data sanity check: The subscription cannot be duplicated for this
    # user.
    existing = subscription_api.subscription_get_all(
        target_type=[subscription.target_type],
        target_id=subscription.target_id,
        user_id=subscription.user_id)
    if existing:
        abort(409, _('You are already subscribed to this resource.'))

    created = subscription_api.subscription_create(subscription.as_dict())
    return Subscription.from_db_model(created)
def get(self, marker=None, offset=None, limit=None, full_name=None,
        email=None, openid=None, sort_field='id', sort_dir='asc'):
    """Page and filter the users in storyboard.

    Example::

      curl https://my.example.org/api/v1/users

    :param marker: The resource id where the page should begin.
    :param offset: The offset to start the page at.
    :param limit: The number of users to retrieve.
    :param full_name: A string of characters to filter the full_name with.
    :param email: A string of characters to filter the email with.
    :param openid: A string of characters to filter the openid with.
    :param sort_field: The name of the field to sort on.
    :param sort_dir: Sort direction for results (asc, desc).
    """
    # Boundary check on limit.
    if limit is not None and limit < 0:
        limit = 0

    # Resolve the marker record.
    marker_user = users_api.user_get(marker) if marker is not None else None

    # The listing is requested with non-public fields filtered out.
    users = users_api.user_get_all(marker=marker_user,
                                   offset=offset,
                                   limit=limit,
                                   full_name=full_name,
                                   email=email,
                                   openid=openid,
                                   filter_non_public=True,
                                   sort_field=sort_field,
                                   sort_dir=sort_dir)
    user_count = users_api.user_get_count(full_name=full_name,
                                          email=email,
                                          openid=openid)

    # Apply the query response headers.
    headers = response.headers
    if limit:
        headers['X-Limit'] = str(limit)
    headers['X-Total'] = str(user_count)
    if marker_user:
        headers['X-Marker'] = str(marker_user.id)
    if offset is not None:
        headers['X-Offset'] = str(offset)

    return [wmodels.User.from_db_model(u) for u in users]
def get_one(self, subscription_id):
    """Retrieve a specific subscription record.

    Only the subscription's owner or a superuser may read it; anyone
    else gets a 403.

    :param subscription_id: The unique id of this subscription.
    """
    subscription = subscription_api.subscription_get(subscription_id)
    current_user = user_api.user_get(request.current_user_id)

    is_foreign = subscription.user_id != request.current_user_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("You do not have access to this record."))

    return Subscription.from_db_model(subscription)
def get_one(self, subscription_event_id):
    """Retrieve a specific subscription record.

    Only the event's subscriber or a superuser may read it; anyone else
    gets a 403.

    :param subscription_event_id: The unique id of this subscription.
    """
    subscription_event = subscription_events_api.subscription_events_get(
        subscription_event_id)
    current_user = user_api.user_get(request.current_user_id)

    is_foreign = current_user.id != subscription_event.subscriber_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("Permission Denied"))

    return SubscriptionEvent.from_db_model(subscription_event)
def get_one(self, user_id):
    """Retrieve details about one user.

    Non-public fields are filtered unless the requester is asking for
    their own record.

    :param user_id: The unique id of this user
    """
    viewing_own_record = user_id == request.current_user_id
    user = users_api.user_get(user_id, not viewing_own_record)

    if not user:
        raise exc.NotFound(_("User %s not found") % user_id)
    return user
def delete(self, subscription_id):
    """Delete a specific subscription.

    Only the subscription's owner or a superuser may delete it; anyone
    else gets a 403.

    :param subscription_id: The unique id of the subscription to delete.
    """
    subscription = subscription_api.subscription_get(subscription_id)

    # Sanity check on user_id
    current_user = user_api.user_get(request.current_user_id)
    is_foreign = subscription.user_id != request.current_user_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("You can only remove your own subscriptions."))

    subscription_api.subscription_delete(subscription_id)
def create_permission(story, users, session=None):
    """Create the ``view_story`` permission for a story and grant it.

    The story is re-read by id, a permission named
    ``view_story_<story id>`` is created and attached to it, and the same
    permission is appended to every user in ``users``. ``session`` is
    only used for the story query. Returns the new permission.
    """
    story_query = api_base.model_query(models.Story, session)
    story = story_query \
        .options(subqueryload(models.Story.tags)) \
        .filter_by(id=story.id) \
        .first()

    permission = api_base.entity_create(models.Permission, {
        'name': 'view_story_%d' % story.id,
        'codename': 'view_story'
    })
    story.permissions.append(permission)

    # Each entry is reloaded by id before the permission is attached.
    for listed_user in users:
        db_user = users_api.user_get(listed_user.id)
        db_user.permissions.append(permission)

    return permission
def update_permission(story, users, session=None):
    """Replace the user list of a story's first permission.

    The story is re-read by id; if it has no permissions,
    ``exc.NotFound`` is raised. Otherwise its first permission is updated
    with the same name and codename and the reloaded ``users``.
    """
    story_query = api_base.model_query(models.Story, session)
    story = story_query \
        .options(subqueryload(models.Story.tags)) \
        .filter_by(id=story.id) \
        .first()

    if not story.permissions:
        raise exc.NotFound(_("Permissions for story %d not found.")
                           % story.id)

    permission = story.permissions[0]
    reloaded_users = [users_api.user_get(user.id) for user in users]
    return api_base.entity_update(models.Permission, permission.id, {
        'name': permission.name,
        'codename': permission.codename,
        'users': reloaded_users
    })
def put(self, team_id, user_id):
    """Add a user to a team.

    Example::

      TODO

    :param team_id: An ID of the team.
    :param user_id: An ID of the user.
    """
    teams_api.team_add_user(team_id, user_id)

    # The record goes through the non-public field filter before it is
    # converted for the response.
    added_user = users_api.user_get(user_id)
    public_view = api_base._filter_non_public_fields(
        added_user, added_user._public_fields)
    return wmodels.User.from_db_model(public_view)
def delete(self, subscription_event_id):
    """Delete a specific subscription.

    Only the event's subscriber or a superuser may delete it; anyone
    else gets a 403.

    :param subscription_event_id: The unique id of the
        subscription_event to delete.
    """
    subscription_event = subscription_events_api.subscription_events_get(
        subscription_event_id)
    current_user = user_api.user_get(request.current_user_id)

    is_foreign = current_user.id != subscription_event.subscriber_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("Permission Denied"))

    subscription_events_api.subscription_events_delete(
        subscription_event_id)
def update_permission(due_date_id, permission_dict):
    """Update the due date's permission that matches the given codename.

    ``permission_dict`` is modified in place: its ``'users'`` list of ids
    is replaced by the corresponding user records. Raises
    ``ClientSideError`` when the due date has no permission with the
    requested codename.
    """
    due_date = _due_date_get(due_date_id)

    # No early exit: if several permissions share the codename, the last
    # one found is the one updated.
    permission_id = None
    for existing in due_date.permissions:
        if existing.codename == permission_dict['codename']:
            permission_id = existing.id

    user_ids = permission_dict.pop('users')
    permission_dict['users'] = []
    for user_id in user_ids:
        permission_dict['users'].append(users_api.user_get(user_id))

    if permission_id is None:
        raise ClientSideError(_("Permission %s does not exist")
                              % permission_dict['codename'])
    return api_base.entity_update(models.Permission,
                                  permission_id,
                                  permission_dict)
def post(self, subscription):
    """Create a new subscription.

    Note: target_id is the same value as the story_id of a story.

    Example::

      curl https://my.example.org/api/v1/subscriptions \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
      -H 'Content-Type: application/json;charset=UTF-8' \\
      --data-binary '{"target_type":"story","target_id":8}'

    :param subscription: A subscription within the request body.
    """
    # Data sanity check - are all fields set?
    if not (subscription.target_type and subscription.target_id):
        abort(400,
              _('You are missing either the target_type or the target_id'))

    # Sanity check on user_id: default to the requester; subscribing on
    # behalf of someone else is reserved for superusers.
    requester_id = request.current_user_id
    current_user = user_api.user_get(requester_id)
    if not subscription.user_id:
        subscription.user_id = requester_id
    elif (subscription.user_id != requester_id
            and not current_user.is_superuser):
        abort(403, _("You can only subscribe to resources on your own."))

    # Data sanity check: The resource must exist.
    resource = subscription_api.subscription_get_resource(
        target_type=subscription.target_type,
        target_id=subscription.target_id,
        current_user=requester_id)
    if not resource:
        abort(400, _('You cannot subscribe to a nonexistent resource.'))

    # Data sanity check: The subscription cannot be duplicated for this
    # user.
    existing = subscription_api.subscription_get_all(
        target_type=[subscription.target_type],
        target_id=subscription.target_id,
        user_id=subscription.user_id)
    if existing:
        abort(409, _('You are already subscribed to this resource.'))

    created = subscription_api.subscription_create(subscription.as_dict())
    return Subscription.from_db_model(created)
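def superuser():
    """Check that the request carries a token belonging to a superuser.

    Returns False when there is no token, when the token is not known to
    the token store, or when the token's user can no longer be loaded.
    Aborts with a 403 when the user exists but is not a superuser.
    Otherwise returns the user's ``is_superuser`` flag.
    """
    raw_token = _get_token()
    if not raw_token:
        return False

    access_token = token_api.access_token_get_by_token(raw_token)
    if not access_token:
        return False

    user = user_api.user_get(access_token.user_id)
    if not user:
        # A token whose user record is gone is treated like a missing
        # token, instead of failing with an AttributeError inside the
        # authorization check.
        return False

    if not user.is_superuser:
        abort(403, _("This action is limited to superusers only."))

    return user.is_superuser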
def self(self):
    """Return the currently logged in user

    Example::

      curl https://my.example.org/api/v1/users/self \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :return: The User record for the current user.
    """
    current_id = request.current_user_id

    # This is the requester's own record, so it is loaded unfiltered.
    user = users_api.user_get(current_id, filter_non_public=False)
    if not user:
        raise exc.NotFound(_("User %s not found") % current_id)
    return user
def post(self, story):
    """Create a new story.

    :param story: A story within the request body.
    """
    # Reject private story types while ACL is not created.
    if story.story_type_id and story.story_type_id in (3, 4):
        abort(400,
              _("Now you can't add story with type %s.")
              % story.story_type_id)

    story_dict = story.as_dict()
    user_id = request.current_user_id

    # The author is the requesting user; the body may not name another.
    if story.creator_id and story.creator_id != user_id:
        abort(400, _("You can't select author of story."))
    story_dict["creator_id"] = user_id

    if not stories_api.story_can_create_story(story.story_type_id):
        abort(400, _("Can't create story of this type."))

    if not story_dict.get("tags"):
        story_dict["tags"] = []

    # We can't set due dates when creating stories at the moment.
    story_dict.pop("due_dates", None)

    # A missing "users" key means an empty list; an explicit None falls
    # back to the creator.
    users = story_dict.pop("users", [])
    if users is None:
        users = [wmodels.User.from_db_model(users_api.user_get(user_id))]

    created_story = stories_api.story_create(story_dict)
    events_api.story_created_event(created_story.id, user_id, story.title)

    # A permission record is only created for private stories.
    if story.private:
        stories_api.create_permission(created_story, users)

    return wmodels.Story.from_db_model(created_story)
def get_one(self, subscription_id):
    """Retrieve a specific subscription record.

    Only the subscription's owner or a superuser may read it; anyone
    else gets a 403.

    Example::

      curl https://my.example.org/api/v1/subscriptions/4 \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param subscription_id: The unique id of this subscription.
    """
    subscription = subscription_api.subscription_get(subscription_id)
    current_user = user_api.user_get(request.current_user_id)

    is_foreign = subscription.user_id != request.current_user_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("You do not have access to this record."))

    return Subscription.from_db_model(subscription)
def delete(self, subscription_id):
    """Delete a specific subscription.

    Only the subscription's owner or a superuser may delete it; anyone
    else gets a 403.

    Example::

      curl https://my.example.org/api/v1/subscriptions/10 -X DELETE \\
      -H 'Authorization: Bearer MY_ACCESS_TOKEN'

    :param subscription_id: The unique id of the subscription to delete.
    """
    subscription = subscription_api.subscription_get(subscription_id)

    # Sanity check on user_id
    current_user = user_api.user_get(request.current_user_id)
    is_foreign = subscription.user_id != request.current_user_id
    if is_foreign and not current_user.is_superuser:
        abort(403, _("You can only remove your own subscriptions."))

    subscription_api.subscription_delete(subscription_id)
def _assert_can_access(self, user_id, token_entity=None):
    """Abort unless the requester may act on ``user_id``'s tokens.

    Checks run in this order: 400 when ``user_id`` is missing, 401 when
    there is no current user, 403 when the requester is neither a
    superuser nor the impacted user, and 403 when ``token_entity`` names
    a different user than ``user_id``.
    """
    current_user = user_api.user_get(request.current_user_id)

    if not user_id:
        abort(400, _("user_id is missing."))

    # The user must be logged in.
    if not current_user:
        abort(401, _("You must log in to do this."))

    # If the impacted user is not the current user, the current user must
    # be an admin.
    if not (current_user.is_superuser or current_user.id == user_id):
        abort(403, _("You are not admin and can't do this."))

    # The path-based impacted user and the user found in the entity must
    # be identical. No PUT /users/1/tokens { user_id: 2 }
    if token_entity and token_entity.user_id != user_id:
        abort(403, _("token_entity.user_id or user_id is wrong."))
def post(self, subscription):
    """Create a new subscription.

    :param subscription: A subscription within the request body.
    """
    # Data sanity check - are all fields set?
    if not (subscription.target_type and subscription.target_id):
        abort(400,
              _('You are missing either the target_type or the target_id'))

    # Sanity check on user_id: default to the requester; subscribing on
    # behalf of someone else is reserved for superusers.
    requester_id = request.current_user_id
    current_user = user_api.user_get(requester_id)
    if not subscription.user_id:
        subscription.user_id = requester_id
    elif (subscription.user_id != requester_id
            and not current_user.is_superuser):
        abort(403, _("You can only subscribe to resources on your own."))

    # Data sanity check: The resource must exist.
    resource = subscription_api.subscription_get_resource(
        target_type=subscription.target_type,
        target_id=subscription.target_id,
        current_user=requester_id)
    if not resource:
        abort(400, _('You cannot subscribe to a nonexistent resource.'))

    # Data sanity check: The subscription cannot be duplicated for this
    # user.
    existing = subscription_api.subscription_get_all(
        target_type=[subscription.target_type],
        target_id=subscription.target_id,
        user_id=subscription.user_id)
    if existing:
        abort(409, _('You are already subscribed to this resource.'))

    created = subscription_api.subscription_create(subscription.as_dict())
    return Subscription.from_db_model(created)
def post(self, story):
    """Create a new story.

    :param story: A story within the request body.
    """
    # Reject private story types while ACL is not created.
    if story.story_type_id and story.story_type_id in (3, 4):
        abort(400,
              _("Now you can't add story with type %s.")
              % story.story_type_id)

    story_dict = story.as_dict()
    user_id = request.current_user_id

    # The author is the requesting user; the body may not name another.
    if story.creator_id and story.creator_id != user_id:
        abort(400, _("You can't select author of story."))
    story_dict["creator_id"] = user_id

    if not stories_api.story_can_create_story(story.story_type_id):
        abort(400, _("Can't create story of this type."))

    if not story_dict.get("tags"):
        story_dict["tags"] = []

    # We can't set due dates when creating stories at the moment.
    story_dict.pop("due_dates", None)

    # A missing "users" key means an empty list; an explicit None falls
    # back to the creator.
    users = story_dict.pop("users", [])
    if users is None:
        users = [wmodels.User.from_db_model(users_api.user_get(user_id))]

    created_story = stories_api.story_create(story_dict)
    events_api.story_created_event(created_story.id, user_id, story.title)

    # A permission record is only created for private stories.
    if story.private:
        stories_api.create_permission(created_story, users)

    return wmodels.Story.from_db_model(created_story)
def team_add_user(team_id, user_id):
    """Add a user to a team and return the team.

    Raises ``exc.NotFound`` when the team or the user cannot be loaded,
    and ``ClientSideError`` when the user is already a member.
    """
    session = api_base.get_session()

    with session.begin(subtransactions=True):
        team = _entity_get(team_id, session)
        if team is None:
            raise exc.NotFound(_("Team %s not found") % team_id)

        user = users.user_get(user_id)
        if user is None:
            raise exc.NotFound(_("User %s not found") % user_id)

        # Refuse duplicates rather than appending the user twice.
        member_ids = [member.id for member in team.users]
        if user_id in member_ids:
            raise ClientSideError(
                _("The User %(user_id)d is already in Team %(team_id)d")
                % {'user_id': user_id, 'team_id': team_id})

        team.users.append(user)
        session.add(team)

    return team
def team_delete_user(team_id, user_id):
    """Remove a user from a team and return the team.

    Raises ``exc.NotFound`` when the team or the user cannot be loaded,
    and ``ClientSideError`` when the user is not a member of the team.
    """
    session = api_base.get_session()

    with session.begin(subtransactions=True):
        team = _entity_get(team_id, session)
        if team is None:
            raise exc.NotFound(_("Team %s not found") % team_id)

        if users.user_get(user_id) is None:
            raise exc.NotFound(_("User %s not found") % user_id)

        # Look the member up once; an empty result means "not a member".
        matching_members = [u for u in team.users if u.id == user_id]
        if not matching_members:
            raise ClientSideError(
                _("The User %(user_id)d is not in Team %(team_id)d")
                % {'user_id': user_id, 'team_id': team_id})

        team.users.remove(matching_members[0])
        session.add(team)

    return team